Firewalld is an open-source firewall for your computer that helps block unauthorized access. It's commonly required by security teams in modern organizations and is also useful for everyday computer use.
If you use Linux, you can use firewalld to allow or block network access to certain services or IP addresses. Firewalld is built into CentOS/RHEL 8 and most RHEL-based systems like Fedora.
You can set up firewall rules in firewalld using the firewall-cmd command-line tool.
Before making any changes, let's enable the firewalld service using the systemctl utility like this:
# systemctl enable firewalld
After enabling it, you can start the firewalld service by running:
# systemctl start firewalld
To check if firewalld is running, use this command:
# systemctl status firewalld
The output will confirm that the Firewalld service is active.
Configuring Rules Using Firewalld
Now that firewalld is running, we can set up some rules. Firewalld lets you open and block ports and manage access for IP addresses. Rules added with the --permanent flag are written to the saved configuration and only take effect after you reload the firewall, so remember to reload after making changes.
Adding a TCP/UDP Port
To add a port, like port 443 for HTTPS, use this command. Specify if it's a TCP or UDP port after the port number:
# firewall-cmd --add-port=443/tcp --permanent
To add a UDP port, use:
# firewall-cmd --add-port=53/udp --permanent
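The --permanent flag writes the rule to the saved configuration, so it stays in place after a reboot. A rule added this way is not active in the running firewall until you reload it.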
Blocking a TCP/UDP Port
To block a TCP port that was previously opened, like port 443, remove it from the zone:
# firewall-cmd --remove-port=443/tcp --permanent
To block a UDP port, use the same format:
# firewall-cmd --remove-port=53/udp --permanent
Allowing a Service
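The service names that firewalld accepts come from its own service definitions, which you can list with firewall-cmd --get-services (the general port-to-name mapping for network services is in the /etc/services file). To allow a service like HTTPS, run the command below. As written it changes only the running configuration; add --permanent, as in the port examples above, if the rule should survive a reload or reboot: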
# firewall-cmd --add-service=https
Blocking a Service
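To block a service that was previously allowed, like HTTPS, run the command below (add --permanent to remove it from the saved configuration as well):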
# firewall-cmd --remove-service=https
Saving Firewall Rules
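If you have made any changes to the firewall rules with --permanent, you need to run the command below for the changes to be applied immediately. A reload replaces the running configuration with the saved one, so any rule that was added without --permanent is discarded: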
# firewall-cmd --reload
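Because a rule can exist in only the running or only the saved configuration, it helps to compare the two before reloading. The script below is an added example, not part of the original article: fw_drift and check_zone are names chosen here, and the sample lists are constructed.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent
# configuration. Function and variable names are this example's own.

# fw_drift RUNTIME_LIST PERMANENT_LIST
# Each argument is a whitespace-separated list, as printed by
# `firewall-cmd --list-ports` or `firewall-cmd --list-services`.
# Prints one line per mismatch and returns 1 if any drift exists.
fw_drift() {
    # Pad with spaces so "443/tcp" never matches inside "8443/tcp".
    _rt=" $(printf '%s ' $1)"
    _pm=" $(printf '%s ' $2)"
    _drift=0
    for _item in $1; do
        case "$_pm" in
            *" $_item "*) ;;
            *) echo "runtime-only (lost on --reload): $_item"; _drift=1 ;;
        esac
    done
    for _item in $2; do
        case "$_rt" in
            *" $_item "*) ;;
            *) echo "permanent-only (inactive until --reload): $_item"; _drift=1 ;;
        esac
    done
    return "$_drift"
}

# check_zone [ZONE]: compare the live runtime and permanent state of a zone
# (default zone if omitted). Needs root and a running firewalld.
check_zone() {
    _zone=${1:+--zone=$1}
    _rc=0
    for _what in ports services; do
        fw_drift "$(firewall-cmd $_zone --list-$_what)" \
                 "$(firewall-cmd --permanent $_zone --list-$_what)" || _rc=1
    done
    return "$_rc"
}

# Constructed sample: 8443/tcp was added without --permanent, and 53/udp was
# added with --permanent but the firewall has not been reloaded yet.
fw_drift "443/tcp 8443/tcp" "443/tcp 53/udp" || echo "drift found"
```

On a host running firewalld, call check_zone (optionally with a zone name) as root before firewall-cmd --reload to see which rules the reload would drop or activate.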
Viewing the Firewall Rules
To take a look at all the rules in the firewall (for the default zone), execute the command:
# firewall-cmd --list-all
Conclusion:
You should now thoroughly understand how to administer the firewall service on your CentOS system for day-to-day use.
The Firewalld service allows you to configure maintainable rules and rulesets that consider your network environment. It also allows you to seamlessly transition between different firewall policies through the use of zones. Acquiring a working knowledge of this system will allow you to take advantage of this tool's flexibility and power.